Discovered about 1 year ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/concerns/has_environment_scope.rb:66

where("        environment_scope IN (:wildcard, :environment_name) OR\n          :environment_name LIKE\n            #{::Gitlab::SQL::Glob.to_like("environment_scope")}\n", :wildcard => "*", :environment_name => environment_name)

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/concerns/has_environment_scope.rb or mark it as false positive.